/* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the "License"). * You may not use this file except in compliance with the License. * A copy of the License is located at * * http://aws.amazon.com/apache2.0 * * or in the "license" file accompanying this file. This file is distributed * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either * express or implied. See the License for the specific language governing * permissions and limitations under the License. */ /* * Do not modify this file. This file is generated from the logs-2014-03-28.normal.json service model. */ using System; using System.Collections.Generic; using System.Xml.Serialization; using System.Text; using System.IO; using System.Net; using Amazon.Runtime; using Amazon.Runtime.Internal; namespace Amazon.CloudWatchLogs.Model { ///

/// Container for the parameters to the AssociateKmsKey operation. /// Associates the specified KMS key with either one log group in the account, or with /// all stored CloudWatch Logs query insights results in the account. /// /// /// /// When you use AssociateKmsKey, you specify either the logGroupName /// parameter or the resourceIdentifier parameter. You can't specify both /// of those parameters in the same operation. /// ///

/// /// Specify the logGroupName parameter to cause all log events stored in /// the log group to be encrypted with that key. Only the log events ingested after the /// key is associated are encrypted with that key. /// /// /// /// Associating a KMS key with a log group overrides any existing associations between /// the log group and a KMS key. After a KMS key is associated with a log group, all newly /// ingested data for the log group is encrypted using the KMS key. This association is /// stored as long as the data encrypted with the KMS key is still within CloudWatch Logs. /// This enables CloudWatch Logs to decrypt this data whenever it is requested. /// /// /// /// Associating a key with a log group does not cause the results of queries of that log /// group to be encrypted with that key. To have query results encrypted with a KMS key, /// you must use an AssociateKmsKey operation with the resourceIdentifier /// parameter that specifies a query-result resource. /// ///
/// /// Specify the resourceIdentifier parameter with a query-result /// resource, to use that key to encrypt the stored results of all future StartQuery /// operations in the account. The response from a GetQueryResults /// operation will still return the query results in plain text. /// /// /// /// Even if you have not associated a key with your query results, the query results are /// encrypted when stored, using the default CloudWatch Logs method. /// /// /// /// If you run a query from a monitoring account that queries logs in a source account, /// the query results key from the monitoring account, if any, is used. /// ///

/// /// If you delete the key that is used to encrypt log events or log group query results, /// then all the associated stored log events or query results that were encrypted with /// that key will be unencryptable and unusable. /// /// /// /// CloudWatch Logs supports only symmetric KMS keys. Do not use an associate an asymmetric /// KMS key with your log group or query results. For more information, see Using /// Symmetric and Asymmetric Keys. /// /// /// /// It can take up to 5 minutes for this operation to take effect. /// /// /// /// If you attempt to associate a KMS key with a log group but the KMS key does not exist /// or the KMS key is disabled, you receive an InvalidParameterException /// error. /// ///

public partial class AssociateKmsKeyRequest : AmazonCloudWatchLogsRequest { private string _kmsKeyId; private string _logGroupName; private string _resourceIdentifier; ///

/// Gets and sets the property KmsKeyId. /// /// The Amazon Resource Name (ARN) of the KMS key to use when encrypting log data. This /// must be a symmetric KMS key. For more information, see Amazon /// Resource Names and Using /// Symmetric and Asymmetric Keys. /// ///

[AWSProperty(Required=true, Max=256)] public string KmsKeyId { get { return this._kmsKeyId; } set { this._kmsKeyId = value; } } // Check to see if KmsKeyId property is set internal bool IsSetKmsKeyId() { return this._kmsKeyId != null; } ///

/// Gets and sets the property LogGroupName. /// /// The name of the log group. /// /// /// /// In your AssociateKmsKey operation, you must specify either the resourceIdentifier /// parameter or the logGroup parameter, but you can't specify both. /// ///

[AWSProperty(Min=1, Max=512)] public string LogGroupName { get { return this._logGroupName; } set { this._logGroupName = value; } } // Check to see if LogGroupName property is set internal bool IsSetLogGroupName() { return this._logGroupName != null; } ///

/// Gets and sets the property ResourceIdentifier. /// /// Specifies the target for this operation. You must specify one of the following: /// ///

/// /// Specify the following ARN to have future GetQueryResults /// operations in this account encrypt the results with the specified KMS key. Replace /// REGION and ACCOUNT_ID with your Region and account ID. /// /// /// /// arn:aws:logs:REGION:ACCOUNT_ID:query-result:* /// ///
/// /// Specify the ARN of a log group to have CloudWatch Logs use the KMS key to encrypt /// log events that are ingested and stored by that log group. The log group ARN must /// be in the following format. Replace REGION and ACCOUNT_ID with your /// Region and account ID. /// /// /// /// arn:aws:logs:REGION:ACCOUNT_ID:log-group:LOG_GROUP_NAME /// /// ///

/// /// In your AssociateKmsKey operation, you must specify either the resourceIdentifier /// parameter or the logGroup parameter, but you can't specify both. /// ///

[AWSProperty(Min=1, Max=2048)] public string ResourceIdentifier { get { return this._resourceIdentifier; } set { this._resourceIdentifier = value; } } // Check to see if ResourceIdentifier property is set internal bool IsSetResourceIdentifier() { return this._resourceIdentifier != null; } } }